You\u2019re\u00a0getting ready to make a document production to the other side. You\u2019re\u00a0worried though that the other side may use GenAI tools\u00a0on the documents\u00a0that don\u2019t ensure\u00a0they\u00a0are protected from\u00a0public\u00a0disclosure.<\/p>\n
You ask to see the other side\u2019s policies just to be sure. They refuse.\u00a0<\/p>\n
You ask the judge for a protective order since some of\u00a0your\u00a0documents contain trade secrets. The other side argues you are just delaying production and trying to make it hard for them to find and review documents. The judge denies your motion. Six months later, the documents turn up in the ChatGPT database.\u00a0You move for\u00a0sanctions,\u00a0but the economic damage is already done.<\/p>\n
The Reality<\/strong><\/p>\n Think this couldn\u2019t happen? Think again. We live in a world of\u00a0interconnected\u00a0GenAI tools\u00a0where\u00a0inadvertent\u00a0or\u00a0unintentional disclosure\u00a0can easily\u00a0happen. And\u00a0the ease of use makes\u00a0the temptation to\u00a0and likelihood of\u00a0use\u00a0of\u00a0these tools\u00a0pretty\u00a0great.\u00a0<\/p>\n Moreover,\u00a0it\u00a0just takes one slip up\u00a0for documents to be jeopardized.\u00a0Finally, while you may be able to control your shop, you have little control once the documents leave your hands.<\/p>\n I talked to\u00a0Matt Mahon<\/a>,\u00a0VP of Customer Experience at Level\u00a0Legal<\/a>, recently about these\u00a0very problems.\u00a0Level Legal is\u00a0an e-discovery provider;\u00a0I have written about the company\u00a0before<\/a>.\u00a0I have found its people\u00a0to be\u00a0some of the most insightful in the business. And\u00a0it\u2019s refreshing\u00a0to find a company in the space that is long on substance and short on hype.\u00a0Mahon has thought a lot about the problems GenAI poses in the discovery context.<\/p>\n Mahon agreed that using GenAI tools to\u00a0review\u00a0your own\u00a0documents pre-production is fine\u00a0as long as\u00a0you have a good policy in place, you train your people\u00a0thoroughly, and \u201cconsistently remind team members of how to use\u00a0the tools.\u201d<\/p>\n But he gave me several examples of how your documents\u00a0could end up in public once they get in the other side\u2019s hands.<\/p>\n Some Problematic Examples<\/strong><\/p>\n Mobile phones are a prime risk says Mahon. \u201cIt\u2019s easy to download an email attachment to your phone, import it into your ChatGPT app, and risk a potential breach.\u201d<\/p>\n Another common example: someone\u00a0attaches\u00a0a photo of a document\u00a0to\u00a0their\u00a0phone photo app\u00a0to\u00a0review later or for\u00a0use in a deposition. Mahon\u00a0legitimately\u00a0asks,\u00a0\u201cWhere does the photo go when you do that? I couldn\u2019t tell you for sure. Some apps could allow an LLM to learn from the picture.\u201d\u00a0Moreover,\u00a0as\u00a0he points out, apps update\u00a0their policies all the time and\u00a0users\u00a0often\u00a0don\u2019t know what new permissions may have been added.<\/p>\n Another example:\u00a0someone on the other side uses\u00a0a GenAI tool to summarize some documents, letting the proverbial horse out of the barn. Mahon\u00a0also\u00a0talked about the risk of providing documents to experts\u00a0which\u00a0further\u00a0widens the field of risks. The expert\u00a0might\u00a0use\u00a0a\u00a0GenAI\u00a0tool\u00a0to be efficient,\u00a0for example,\u00a0making the documents public.<\/p>\n Or what if the expert or even one of the lawyers on the other side use a GenAI bot on their email\u00a0to help\u00a0organize\u00a0it and\u00a0help with\u00a0replies and calendaring. If\u00a0that\u00a0email has a sensitive document attached as a PDF \u2014 picture an\u00a0associate sending a hot PDF document to a partner with a\u00a0\u201clook at this\u201d\u00a0statement \u2014 the document\u00a0is now in the public domain. \u00a0<\/p>\n Mahon\u00a0also told me that tools like Dropbox\u00a0may\u00a0allow\u00a0LLM tools\u00a0to\u00a0run in the background\u00a0on stored documents. \u201cThese connections between different systems and applications can result in data\u00a0getting downloaded\u00a0in all sorts of ways.\u201d<\/p>\n Yet another looming risk is posed by the proliferation of AI agents, says Mahon. \u201cAgents\u00a0can be\u00a0installed on systems that have full file system access.\u00a0Others\u00a0are monitoring emails some of which may contain\u00a0attorney-client privilege\u00a0communications, and these AI agents are reading those emails too,\u00a0which\u00a0would potentially\u00a0jeopardize\u00a0confidentiality and\u00a0risk\u00a0waiving privilege.\u201d<\/p>\n So many ways that sensitive documents can go\u00a0public, many inadvertently.\u00a0And there\u2019s not a whole lot of\u00a0good\u00a0solutions.<\/p>\n Solutions<\/strong>\u00a0Remain Elusive<\/strong><\/p>\n There are\u00a0some ways to reduce\u00a0risk,\u00a0but none are foolproof. The parties could\u00a0by agreement provide and ensure reasonable protections. Or\u00a0they could\u00a0retain a\u00a0third-party\u00a0provider to hold the documents and allow use subject to certain parameters, according to Mahon.\u00a0And there\u2019s always the option of seeking judicial intervention.\u00a0<\/p>\n But all these solutions are all too often difficult to obtain.\u00a0A fundamental\u00a0problem is that even today, after years of dealing with e-discovery, too many\u00a0practitioners\u00a0don\u2019t understand it, don\u2019t want to deal with it, and remain ignorant of basic\u00a0principles. They don\u2019t get\u00a0e-discovery\u00a0in general, much less the increased risk GenAI poses.\u00a0Moreover, lawyers and legal professionals aren\u2019t exactly known for being proactive with technology in general.\u00a0All of this makes agreement\u00a0difficult. <\/p>\n The problem is\u00a0also\u00a0compounded by our adversary system.\u00a0Trying to\u00a0ensure\u00a0reasonable protections\u00a0by agreement\u00a0is almost always going to be met with opposition given that\u00a0firms use some many different systems and some have more protections in place than others.\u00a0And agreement requires\u00a0revealing\u00a0information about what a law firm is doing internally, always a sensitive topic.\u00a0The problems\u00a0are\u00a0compounded even more where one side in a case has lots of\u00a0documents\u00a0and the other side few as in most personal injury cases.<\/p>\n And most lawyers aren\u2019t going to be happy with being forced into using a third-party provider that takes time and energy to use to review and use documents.<\/p>\n Trying to talk a judge into intervening is also problematic. Most judges hate discovery disputes\u00a0since they inevitably devolve into \u201che said, she said\u201d arguments. And the constant gamesmanship from both sides leads judges to either punt the issue back to the parties or maintain the status quo\u00a0by not entering\u00a0orders requiring things\u00a0beyond that\u00a0spelled out in\u00a0the rules.<\/p>\n But Mahon says without some sort of protections in place,\u00a0parties\u2019 privacy\u00a0could\u00a0be at risk in virtually\u00a0every\u00a0case. Granted, many documents produced in litigation carry no privacy expectation in any event. And we are all used to less privacy in general.<\/p>\n But some documents \u2014 like those containing trade secrets \u2014 are highly sensitive and\u00a0making them public is a real economic threat to a business and individuals.\u00a0Medical records are also sensitive and\u00a0additionally are\u00a0covered by various\u00a0privacy\u00a0regulations.<\/p>\n What\u2019s Needed<\/strong><\/p>\n What\u2019s really needed is for reputable think tanks like Sedona to become\u00a0involved and offer guidance. What\u2019s really needed is for rulemaking bodies to offer procedural and discovery rules\u00a0that clearly state expectations and\u00a0requirements.\u00a0<\/p>\n Yet thus far, the rulemaking bodies ignore real risks like\u00a0GenAI and deepfakes and concentrate on things like requiring lay\u00a0witnesses\u00a0using GenAI\u00a0materials to satisfy\u00a0expert\u00a0witness standards. While\u00a0that may be of some value, it\u00a0ignores\u00a0far more serious\u00a0threats\u00a0as I\u00a0have written<\/a>.<\/p>\n Stronger rules and statements\u00a0from\u00a0well-respected\u00a0bodies on how to protect\u00a0discovery\u00a0documents\u00a0would at least provide a base from which judges could\u00a0view protection requests. It would validate the idea that firms working with documents obtained\u00a0through\u00a0discovery need to\u00a0adequately\u00a0protect those documents from disclosure.\u00a0It would sensitize courts and lawyers for that matter to the very real risk of\u00a0inadvertent\u00a0disclosure.<\/p>\n It has long been the case that turning over digital documents to the other side risks disclosure of sensitive\u00a0documents. Now though, with the advent of GenAI and GenAI agents, that risk is compounded exponentially. As a profession, we can\u2019t hide our heads in the sand and ignore that reality.<\/p>\n Stephen Embry is a lawyer, speaker, blogger, and writer. He publishes\u00a0TechLaw Crossroads<\/a>, a blog devoted to the examination of the tension between technology, the law, and the practice of law<\/strong><\/em>.<\/p>\n The post I\u2019ve Taken Steps To Protect My Client\u2019s Documents: But What Happens Post-Production?<\/a> appeared first on Above the Law<\/a>.<\/p>\n You\u2019re\u00a0getting ready to make a document production to the other side. You\u2019re\u00a0worried though that the other side may use GenAI tools\u00a0on the documents\u00a0that don\u2019t ensure\u00a0they\u00a0are protected from\u00a0public\u00a0disclosure.<\/p>\n You ask to see the other side\u2019s policies just to be sure. They refuse.\u00a0<\/p>\n You ask the judge for a protective order since some of\u00a0your\u00a0documents contain trade secrets. The other side argues you are just delaying production and trying to make it hard for them to find and review documents. The judge denies your motion. Six months later, the documents turn up in the ChatGPT database.\u00a0You move for\u00a0sanctions,\u00a0but the economic damage is already done.<\/p>\n The Reality<\/strong><\/p>\n Think this couldn\u2019t happen? Think again. We live in a world of\u00a0interconnected\u00a0GenAI tools\u00a0where\u00a0inadvertent\u00a0or\u00a0unintentional disclosure\u00a0can easily\u00a0happen. And\u00a0the ease of use makes\u00a0the temptation to\u00a0and likelihood of\u00a0use\u00a0of\u00a0these tools\u00a0pretty\u00a0great.\u00a0<\/p>\n Moreover,\u00a0it\u00a0just takes one slip up\u00a0for documents to be jeopardized.\u00a0Finally, while you may be able to control your shop, you have little control once the documents leave your hands.<\/p>\n I talked to\u00a0Matt Mahon<\/a>,\u00a0VP of Customer Experience at Level\u00a0Legal<\/a>, recently about these\u00a0very problems.\u00a0Level Legal is\u00a0an e-discovery provider;\u00a0I have written about the company\u00a0before<\/a>.\u00a0I have found its people\u00a0to be\u00a0some of the most insightful in the business. And\u00a0it\u2019s refreshing\u00a0to find a company in the space that is long on substance and short on hype.\u00a0Mahon has thought a lot about the problems GenAI poses in the discovery context.<\/p>\n Mahon agreed that using GenAI tools to\u00a0review\u00a0your own\u00a0documents pre-production is fine\u00a0as long as\u00a0you have a good policy in place, you train your people\u00a0thoroughly, and \u201cconsistently remind team members of how to use\u00a0the tools.\u201d<\/p>\n But he gave me several examples of how your documents\u00a0could end up in public once they get in the other side\u2019s hands.<\/p>\n Some Problematic Examples<\/strong><\/p>\n Mobile phones are a prime risk says Mahon. \u201cIt\u2019s easy to download an email attachment to your phone, import it into your ChatGPT app, and risk a potential breach.\u201d<\/p>\n Another common example: someone\u00a0attaches\u00a0a photo of a document\u00a0to\u00a0their\u00a0phone photo app\u00a0to\u00a0review later or for\u00a0use in a deposition. Mahon\u00a0legitimately\u00a0asks,\u00a0\u201cWhere does the photo go when you do that? I couldn\u2019t tell you for sure. Some apps could allow an LLM to learn from the picture.\u201d\u00a0Moreover,\u00a0as\u00a0he points out, apps update\u00a0their policies all the time and\u00a0users\u00a0often\u00a0don\u2019t know what new permissions may have been added.<\/p>\n Another example:\u00a0someone on the other side uses\u00a0a GenAI tool to summarize some documents, letting the proverbial horse out of the barn. Mahon\u00a0also\u00a0talked about the risk of providing documents to experts\u00a0which\u00a0further\u00a0widens the field of risks. The expert\u00a0might\u00a0use\u00a0a\u00a0GenAI\u00a0tool\u00a0to be efficient,\u00a0for example,\u00a0making the documents public.<\/p>\n Or what if the expert or even one of the lawyers on the other side use a GenAI bot on their email\u00a0to help\u00a0organize\u00a0it and\u00a0help with\u00a0replies and calendaring. If\u00a0that\u00a0email has a sensitive document attached as a PDF \u2014 picture an\u00a0associate sending a hot PDF document to a partner with a\u00a0\u201clook at this\u201d\u00a0statement \u2014 the document\u00a0is now in the public domain. \u00a0<\/p>\n Mahon\u00a0also told me that tools like Dropbox\u00a0may\u00a0allow\u00a0LLM tools\u00a0to\u00a0run in the background\u00a0on stored documents. \u201cThese connections between different systems and applications can result in data\u00a0getting downloaded\u00a0in all sorts of ways.\u201d<\/p>\n Yet another looming risk is posed by the proliferation of AI agents, says Mahon. \u201cAgents\u00a0can be\u00a0installed on systems that have full file system access.\u00a0Others\u00a0are monitoring emails some of which may contain\u00a0attorney-client privilege\u00a0communications, and these AI agents are reading those emails too,\u00a0which\u00a0would potentially\u00a0jeopardize\u00a0confidentiality and\u00a0risk\u00a0waiving privilege.\u201d<\/p>\n So many ways that sensitive documents can go\u00a0public, many inadvertently.\u00a0And there\u2019s not a whole lot of\u00a0good\u00a0solutions.<\/p>\n Solutions<\/strong>\u00a0Remain Elusive<\/strong><\/p>\n There are\u00a0some ways to reduce\u00a0risk,\u00a0but none are foolproof. The parties could\u00a0by agreement provide and ensure reasonable protections. Or\u00a0they could\u00a0retain a\u00a0third-party\u00a0provider to hold the documents and allow use subject to certain parameters, according to Mahon.\u00a0And there\u2019s always the option of seeking judicial intervention.\u00a0<\/p>\n But all these solutions are all too often difficult to obtain.\u00a0A fundamental\u00a0problem is that even today, after years of dealing with e-discovery, too many\u00a0practitioners\u00a0don\u2019t understand it, don\u2019t want to deal with it, and remain ignorant of basic\u00a0principles. They don\u2019t get\u00a0e-discovery\u00a0in general, much less the increased risk GenAI poses.\u00a0Moreover, lawyers and legal professionals aren\u2019t exactly known for being proactive with technology in general.\u00a0All of this makes agreement\u00a0difficult. <\/p>\n The problem is\u00a0also\u00a0compounded by our adversary system.\u00a0Trying to\u00a0ensure\u00a0reasonable protections\u00a0by agreement\u00a0is almost always going to be met with opposition given that\u00a0firms use some many different systems and some have more protections in place than others.\u00a0And agreement requires\u00a0revealing\u00a0information about what a law firm is doing internally, always a sensitive topic.\u00a0The problems\u00a0are\u00a0compounded even more where one side in a case has lots of\u00a0documents\u00a0and the other side few as in most personal injury cases.<\/p>\n And most lawyers aren\u2019t going to be happy with being forced into using a third-party provider that takes time and energy to use to review and use documents.<\/p>\n Trying to talk a judge into intervening is also problematic. Most judges hate discovery disputes\u00a0since they inevitably devolve into \u201che said, she said\u201d arguments. And the constant gamesmanship from both sides leads judges to either punt the issue back to the parties or maintain the status quo\u00a0by not entering\u00a0orders requiring things\u00a0beyond that\u00a0spelled out in\u00a0the rules.<\/p>\n But Mahon says without some sort of protections in place,\u00a0parties\u2019 privacy\u00a0could\u00a0be at risk in virtually\u00a0every\u00a0case. Granted, many documents produced in litigation carry no privacy expectation in any event. And we are all used to less privacy in general.<\/p>\n But some documents \u2014 like those containing trade secrets \u2014 are highly sensitive and\u00a0making them public is a real economic threat to a business and individuals.\u00a0Medical records are also sensitive and\u00a0additionally are\u00a0covered by various\u00a0privacy\u00a0regulations.<\/p>\n What\u2019s Needed<\/strong><\/p>\n What\u2019s really needed is for reputable think tanks like Sedona to become\u00a0involved and offer guidance. What\u2019s really needed is for rulemaking bodies to offer procedural and discovery rules\u00a0that clearly state expectations and\u00a0requirements.\u00a0<\/p>\n Yet thus far, the rulemaking bodies ignore real risks like\u00a0GenAI and deepfakes and concentrate on things like requiring lay\u00a0witnesses\u00a0using GenAI\u00a0materials to satisfy\u00a0expert\u00a0witness standards. While\u00a0that may be of some value, it\u00a0ignores\u00a0far more serious\u00a0threats\u00a0as I\u00a0have written<\/a>.<\/p>\n Stronger rules and statements\u00a0from\u00a0well-respected\u00a0bodies on how to protect\u00a0discovery\u00a0documents\u00a0would at least provide a base from which judges could\u00a0view protection requests. It would validate the idea that firms working with documents obtained\u00a0through\u00a0discovery need to\u00a0adequately\u00a0protect those documents from disclosure.\u00a0It would sensitize courts and lawyers for that matter to the very real risk of\u00a0inadvertent\u00a0disclosure.<\/p>\n It has long been the case that turning over digital documents to the other side risks disclosure of sensitive\u00a0documents. Now though, with the advent of GenAI and GenAI agents, that risk is compounded exponentially. As a profession, we can\u2019t hide our heads in the sand and ignore that reality.<\/p>\n Stephen Embry is a lawyer, speaker, blogger, and writer. He publishes\u00a0TechLaw Crossroads<\/a>, a blog devoted to the examination of the tension between technology, the law, and the practice of law<\/strong><\/em>.<\/p>\n The post I\u2019ve Taken Steps To Protect My Client\u2019s Documents: But What Happens Post-Production?<\/a> appeared first on Above the Law<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":" You\u2019re\u00a0getting ready to make a document production to the other side. You\u2019re\u00a0worried though that the other side may use GenAI tools\u00a0on the documents\u00a0that don\u2019t ensure\u00a0they\u00a0are protected from\u00a0public\u00a0disclosure. You ask to see the other side\u2019s policies just to be sure. They refuse.\u00a0 You ask the judge for a protective order since some of\u00a0your\u00a0documents contain trade secrets. […]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[16],"tags":[],"class_list":["post-143505","post","type-post","status-publish","format-standard","hentry","category-above_the_law"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/xira.com\/p\/wp-json\/wp\/v2\/posts\/143505","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/xira.com\/p\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/xira.com\/p\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/xira.com\/p\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/xira.com\/p\/wp-json\/wp\/v2\/comments?post=143505"}],"version-history":[{"count":0,"href":"https:\/\/xira.com\/p\/wp-json\/wp\/v2\/posts\/143505\/revisions"}],"wp:attachment":[{"href":"https:\/\/xira.com\/p\/wp-json\/wp\/v2\/media?parent=143505"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/xira.com\/p\/wp-json\/wp\/v2\/categories?post=143505"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/xira.com\/p\/wp-json\/wp\/v2\/tags?post=143505"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\n
\n